IBM Support

QMGTOOLS: Blue Diamond FTP

Technote (troubleshooting)


Problem(Abstract)

Is there an easy way to FTP data to the Blue Diamond FTP server?

Resolving the problem

QMGTOOLS has the option to FTP data to the Blue Diamond FTP server.

Note: This is the URL for BD support. BD support can help if there are issues with user ID or other types of error if you believe the iSeries configuration is correct (SSL configuration, etc.) Also, refer to Step 4 for what the FTP process does.


https://www-01.ibm.com/software/support/BlueDiamondRegistration.html

Also, the tool will check to see if port 22 is accessible to the Blue Diamond server. If that port is accessible, we will try to send data using SFTP. SFTP is different than FTPS (or SSL FTP) as SFTP uses port 22 (normally for SSH) whereas SSL FTP uses port 990.

Step 1
Obtain QMGTOOLS following instructions from this URL :
http://www-01.ibm.com/support/docview.wss?uid=nas8N1011297

Note : Make sure you are at the latest build of QMGTOOLS. Refer to this URL :
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020468



Step 2

On the main menu of QMGTOOLS (GO QMGTOOLS/MG) , choose the option to FTP data to IBM and choose *BDFTP.
Note: You will need an user ID and password to access the server. More information can be found here:
http://www-01.ibm.com/software/support/BlueDiamondRegistration.html





Step 3

Required parameters :
- FTPTYPE set to *BDFTP
- IBM/BD ID user must be set
- IBM/BD password must be set
- FILETYPE is either a save file or a file in the IFS (example shown is using file type of *SAVF)
- PMR information (includes PMR number, Branch number, and Country number)





Step 4

The FTP process flow :
- Will try to see if port 22 (SSH) port is open, if that port is open, we will try to use SFTP (secure FTP) to connect to IBM for the transfer

OR

- If port 22 is not accessible, we will try to use FTPS (SSL FTP)
- Attempt to contact the Blue Diamond server over port 990
- After verifying connection to port 990, it will try to see if a welcome screen is shown, else there is an SSL error
- If there is an SSL error, a prompt will ask if you would like the tool to import the digital certificate and try again
- If everything passes, the tool will FTP the data to the Blue Diamond server
- During the transfer, ports 28000-28500 will be used for the transfer, the client's firewall should allow these ports opened to the Blue Diamond FTP server

Note: If an SSL error occurs. The tool will run the command SETUPBDENV to import the digital certificate. The default password will be 'default'. If you do not know the password, refer to the Troubleshooting section below under Invalid Store Password section.



Step 5

You can check the FTP status from the main QMGTOOLS menu (GO QMGTOOLS/MG).




  • - Details of sending data to IBM via *BDFTP



    An example of sending a save file to IBM via *BDFTP option

    - *BDFTP user/pass is whatever was assigned to the user
    - PMR is 11111
    - Branch is 222
    - Country is 333
    - File type is *SAVF
    - Save file is DAGGITY in library QTILIB




    During the FTP process, the tool will rename the file to be sent as :

    11111.222.333.DAGGxxxxxx.savf where :

    11111 is the PMR number
    222 is the branch number
    333 is the country number
    xxxxxx is the microseconds taken from QDATETIME when the process is started

    Note: Since IBM i file names are limited to 10 characters, the tool will override the last 6 characters of the save file with the microseconds. This renaming process also applies to *STDFTP. The reason for doing this is if the same save file name is uploaded multiple times to IBM. In keeping the 10 character limit of file names for an IBM i file, this makes the transferring of the file less complicated.

    For a Blue Diamond customer, an email update will be something like this :

    File Uploaded to: /IBM/Testcust01 - From: 129.42.161.35
    Event: File Uploaded
    Server Local Time: 30 Mar 16 15:51:57
    File Name: 11111.111.111.DAGG998488.savf
    Folder Path: /IBM/Testcust01
    File Size: 29568 bytes
    Remote IP: 129.42.161.35
    Logon Name: MSCI\mrdagbo
    Full Name: Mr. Dagbo
    Protocol: TLS



    Example of sending an IFS file *BDFTP option

    - *BDFTP user/pass is whatever was assigned to the user
    - PMR is 11111
    - Branch is 222
    - Country is 333
    - File type is *IFS
    - IFS file is /tmp/IBMDATA017.zip




    File Uploaded to: /IBM/Testcust01 - From: 129.42.161.36
    Event: File Uploaded
    Server Local Time: 31 Mar 16 06:20:19
    File Name: 11111.222.333.IBMDATA017.zip
    Folder Path: /IBM/Testcust01
    File Size: 1082821 bytes
    Remote IP: 129.42.161.36
    Logon Name: MSCI\mrdagbo
    Full Name: Mr Dagbo
    Protocol: TLS


    During the FTP process, the tool will rename the file to sent as:

    11111.222.333.IBMDATA017.zip

    11111 is the PMR number
    222 is the branch number
    333 is the country number

    The file is not modified before sending. If there are multiple sends of the same file name, the Blue Diamond FTP server will append "Copy of" to the file or "Copy (x) of" where x is the copy number.







Troubleshooting Section For SSL FTP (FTPS) NOT SFTP


Invalid Store Password

The tool needs the *SYSTEM store password to import the digital certificate. Password default is the default password.



If you do not the know the *SYSTEM store password, you can change it.

1) Make sure the HTTP admin job is running. The job is ADMIN ( WRKJOB ADMIN). If this is not started, start it with this command :
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

2) Open up a web browser and navigate to URL where xxxxxxxxxx is the IP/hostname of the IBM i:
http://xxxxxxxxxx:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

3) Click on "Select A Certificate Store" button. On the left pane, choose *SYSTEM and click Continue.




4) Click on the "Reset Password" button to reset the password





SSL Error Still Exists After The Tool Imports The Digital Certificate

1) Make sure the HTTP admin job is running. The job is ADMIN (WRKJOB ADMIN). If this is not started, start it with this command :
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

2) Open up a web browser and navigate to URL where xxxxxxxxxx is the IP/hostname of the IBM i:
http://xxxxxxxxxx:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

3) Click on "Select A Certificate Store" button. On the right pane, choose *SYSTEM and click Continue. The next screen will ask for a password for the *SYSTEM store.




4) After you enter the *SYSTEM store, navigate on the left pane to "Fast Path" and click on "Work With CA Certificate"




5) Verify if these certificates are there. If not, then the tool failed to import the digital certificate.




R710 and later

a) If at OS release V7R1M0 and later, click on "Fast Path" and click on "Work With Client Applications". On the right pane, select "i5/OS TCP/IP FTP Client" and click on the "Work With Application" button. On the right pane, check for Blue Diamond FTP Client. If it is not there, then the tool failed to import the digital certificate correctly. Try the import again.




R610 Only

a) If at OS release V6R1M0, click on "Fast Path" and click on "Work With Client Applications". On the right pane, select "i5/OS TCP/IP FTP Client" and click on the "Work With Application" button.




b) Check to see if the parameter "Define the CA trust list" is set to yes or no. If set to yes, then you have 2 options. Select no and hit apply like in the sample below :



Or follow step 3 in this URL to add certificates GEOTRUINT and GEOTRUROOT to the trust list in the FTP client :
http://www-01.ibm.com/support/docview.wss?uid=nas8N1014798


Document information

More support for: IBM i
General Information

Software version: Version Independent

Operating system(s): IBM i

Software edition: Standard

Reference #: N1021199

Modified date: 19 June 2018


Translate this page: